As is known in the art, computer systems generally include a platform generally comprised of a certain hardware base, including a central processing unit and computer memory, an operating system, and application or utility software that runs on top of the operating system. Data storage systems typically include some elements of a computer system and data storage devices installed in an array fashion. Such data storage systems are useful if accessible by users and applications using other computer systems, but typically some software may be accessible to some users and not others depending on what level of software has been installed on their computer and/or the data storage system.
Security is a very important aspect of software and data storage in general. Raised security expectations among customers who buy and use computer software can be attributed to the necessity to comply with a multitude of regulations and the need to protect them against vulnerability exploitation. As examples of these new expectations, the following practices and behaviors are now common. Customers are conducting vulnerability assessments against the products they purchase and deploy. Compliance officers now mandate specific security functions in products deployed within the corporation. IT security teams are now tasked with routinely running security scanning tools on networked devices. The timeline for patching vulnerabilities in products is now a matter of days or weeks, not months.
Security flaws in computer software are often to blame for at least some of the vulnerabilities presented by such software. Such flaws include design flaws, development process flaws, and incomplete security testing. Design flaws are either the lack of critical security functions, or a poor implementation of a security feature. Typical examples are sending clear text password over IP networks or the use of weak cryptographic algorithms. Software development flaws are mistakes that occur during development that can result in security incidents. Well-known examples of software development flaws are the use of 3rd party products with publicly available exposures and remedies or buffer overflows which are created by a lack of character string length control. Testing flaws refer to security vulnerabilities that persist because the security vulnerabilities are not discovered, or if discovered not fixed prior to general acceptance. It would be advancement in the computer arts for there to be a tool that closely binds these areas with a methodology to measure and lessen security vulnerabilities of computer software. It would also be advancement if such a tool were easy to use, efficient, and at least in part computer-executed.